On Thu, 2004-08-19 at 19:10, Richard Hally wrote:
> The new xorg-X11(6.7.99.902-1) will not start with the current strict
> SELinux policy(1.15.16-1) in enforcing mode. (xorg-x11-*6.7.0-7.2 works
> just fine). I have not tried permissive mode.
> It looks like something has changed in X11 that has to do with the
> fonts and the SE policy has not been updated to handle it but that is
> just speculation.
I applied the patch below to my /etc/init.d/xfs to fix. This patch
restores the type on /tmp/.font-unix when it is re-created by
/etc/init.d/xfs. I assume that previously xfs was directly creating the
directory itself, so that the file_type_auto_trans rule for xfs_t was
sufficient to label it, but since it is now being created by the init
script, it is getting a different type.
--- /etc/init.d/xfs.old 2004-08-18 14:45:54.000000000 -0400
+++ /etc/init.d/xfs 2004-08-20 07:16:01.539914488 -0400
@@ -78,6 +78,7 @@
mkdir $FONT_UNIX_DIR
chown root:root $FONT_UNIX_DIR
chmod 1777 $FONT_UNIX_DIR
+ restorecon $FONT_UNIX_DIR
daemon xfs -droppriv -daemon
ret=$?
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
